2

我想用 C# 获取 windows7(64 位)上的所有托盘图标,但是当我使用 windows api“ReadProcessMemory”时,无法识别托盘按钮文本。下面的代码

        IntPtr pid = IntPtr.Zero;
        IntPtr ipHandle = IntPtr.Zero; 
        IntPtr lTextAdr = IntPtr.Zero; 

        IntPtr ipTray = TrayToolbarWindow32();

        WinApiHelper.GetWindowThreadProcessId(ipTray, ref pid);
        if (pid.Equals(0))
            return iconList;

        IntPtr hProcess = WinApiHelper.OpenProcess(WinApiHelper.PROCESS_ALL_ACCESS | WinApiHelper.PROCESS_VM_OPERATION | WinApiHelper.PROCESS_VM_READ | WinApiHelper.PROCESS_VM_WRITE, IntPtr.Zero, pid);

        IntPtr lAddress = WinApiHelper.VirtualAllocEx(hProcess, 0, 4096, WinApiHelper.MEM_COMMIT, WinApiHelper.PAGE_READWRITE);


        int lButton = WinApiHelper.SendMessage(ipTray, WinApiHelper.TB_BUTTONCOUNT, 0, 0);

        for (int i = 0; i < lButton; i++)
        {

            WinApiHelper.SendMessage(ipTray, WinApiHelper.TB_GETBUTTON, i, lAddress);


            WinApiHelper.ReadProcessMemory(hProcess, (IntPtr)(lAddress.ToInt32() + 16), ref lTextAdr, 4, 0);

            if (!lTextAdr.Equals(-1))
            {
                byte[] buff = new byte[ 1024 ];

                WinApiHelper.ReadProcessMemory(hProcess, lTextAdr, buff, 1024, 0);
                string title = System.Text.ASCIIEncoding.Unicode.GetString(buff);

和api声明

    [DllImport("kernel32", EntryPoint = "ReadProcessMemory")]
    public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, ref IntPtr lpBuffer, int nSize, int lpNumberOfBytesWritten);

    [DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory")]
    public static extern bool ReadProcessMemoryEx(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, IntPtr size, out IntPtr lpNumberOfBytesRead);

    [DllImport("kernel32", EntryPoint = "ReadProcessMemory")]
    public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] lpBuffer, int nSize, int lpNumberOfBytesWritten);

    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, UIntPtr nSize, IntPtr lpNumberOfBytesRead);

问题就在这里

string title = System.Text.ASCIIEncoding.Unicode.GetString(buff);

转换后,无法识别字符串“title”,可能像

ǎ\0\0\0\0Д\0\0à\0\0ƿ\r\0\0\0\0\0\0\0\0\0\0D:\\Tools\\ESET Smart Security\\egui.exe\0\0\0\0\0\0\0\0\0\0\0\0\0\

不知道为什么,求助

4

1 回答 1

2

你可能要考虑你在做什么。 ReadProcessMemory是为需要的调试器设计的调试功能SeDebugPrivilege,所以我希望你正在编写一个调试器。忽略我在考虑以非调试能力使用这些功能时的不适,您正在泄漏您分配的缓冲区并要求您的应用程序以管理员身份运行。

如果此应用程序仅用于您自己的目的而没有其他用途,请查看相关问题Systray Access,因为似乎有单独的 TB_GETBUTTONTEXT 消息。我想您实际上是在接收按钮数据,而不是复制内存中的文本,从而导致问题。

于 2012-11-10T16:26:47.360 回答